Employers! Gain Access to Thousands of Elite Cybersecurity Professionals Each Month.

Metacurity has launched a jobs destination to offer our thousands of unique visitors each month access to infosec job opportunities. We offer employers cost-effective access to the elite cybersecurity personnel who visit Metacurity.  Post your jobs there now to find the scarce talent you seek.

Sponsor message. Interested in sponsoring Metacurity? Email us at info@metacurity.com and we’ll get back to you right away.


Latest News

7 months ago
Thomas Brewster / Forbes

Aventura Technologies and Current and Former Employees Hit With Criminal Charges for Illegally Selling Chinese Surveillance and Security Equipment, Luxury Yacht and Financial Accounts Seized

Federal prosecutors filed charges against Long Island, New York-based technology company Aventura Technologies, along with seven current and former employees, including CEO Frances Cabasso, claiming it had exposed the U.S. government and private customers to security risks by illegally importing and selling surveillance and security equipment from China. Although Aventura claimed its technology was made in the U.S., much of it appeared to be banned technology from China. The criminal complaint also alleged the Cabassos laundered the money they made with the relabelled Chinese kit. Government agents raided the firm and seized the Cabassos 70-foot luxury yacht and froze $3 million in 12 financial accounts that contained “proceeds from the defendants’ unlawful conduct.”  Aventura’s managing director Jack Cabasso and his wife were among those charged.

7 months ago
Jeff Stone / Cyberscoop

Flaw in Amazon’s Ring Video Doorbell Pro IoT Can Allow Attacker to Intercept Wi-Fi Credentials and Attack Household Network

An issue in Amazon’s Ring Video Doorbell Pro IoT device allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a broader attack against the household network, researchers at Bitdefender report. One primary reason the credentials are interceptable is that the device receives the user’s network credentials from the smartphone app, with the data exchange performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers. A hostile actor can also trigger the reconfiguration of the Ring Video Doorbell Pro by continuously sending de-authentication messages so that the device gets dropped from the wireless network.

7 months ago
Catalin Cimpanu / ZDNet

Echo Speakers, Samsung and Sony Smart TVs, Xiaomi Mi9 Phone and Routers Hacked on First Day of Pwn2Own, Bug Hunters Earned $195,000

Amazon Echo speakers, Samsung and Sony smart TVs, the Xiaomi Mi9 phone, and Netgear and TP-Link routers were hacked on the first day of the Pwn2Own hacking contest in Tokyo, with bug hunters earning a total of $195,000. It appears so far that Google Nest cameras and Facebook Portal hubs will survive this year’s competition because no security researchers announced plans to attempt exploits on these devices. Team Fluoroacetate, made up of Amat Cama and Richard Zhu, the winners of the last two Pwn2Own competitions, successfully hacked the Amazon Echo, as well as Sony and Samsung smart TVs, and the Xiaomi Mi9 smartphone.

ANNOUNCING METACURITY’S INFOSEC JOBS DESTINATION

Metacurity is now offering employers a unique way to reach out to thousands of elite infosec job candidates. Visit our infosec jobs destination today and take advantage of early-bird pricing.

(Sponsor message)


7 months ago
Brian Fung / CNN

Facebook Sued by California for Failing to Respond to Subpoenas Over Its Privacy Practices, 18-Month Investigation Revealed

In a filing in California Superior Court, California Attorney General Xavier Becerra revealed the state has been conducting an 18-month investigation into Facebook’s privacy practices and accused the social media giant of failing to provide answers to 19 sets of questions and records. Becerra also accused Facebook of failing to provide copies of requested executive communications.  California’s investigation into Facebook has involved two subpoenas containing more than a dozen sets of questions and several requests for documents related to privacy settings, developer policies, and communications involving top executives. The investigation began as an inquiry into the Cambridge Analytica scandal and expanded over time into whether Facebook violated California law.

Podcasts

7 months ago
Threatpost

Emotet Resurgence Continues With New Tactics, Techniques and Procedures

Since Emotet came out of hibernation last month, researchers are seeing the banking trojan’s authors take on a consistent trend of new evasion tactics and social engineering techniques. Suweera De Souza, principal security research analyst with Netscout, talks about some some of the new tactics and techniques that she has observed Emotet using since its reemergence just last month.

7 months ago
NPR

2 Ex-Twitter Employees Charged With Spying For Saudi Arabia

NPR’s Rachel Martin talks to Mike Chapple, a former computer scientist with the NSA, who says Twitter should have known that its employees were working for a foreign power.

7 months ago
Cyberlaw Podcast

Sandworm and the GRU’s global intifada

This episode is a wide-ranging interview with Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

7 months ago
Smashing Security

153: Cybercrime doesn’t pay (but Uber does)

Graham Cluley and Carole Theriault, joined this week by Lisa Forte talk about the cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the center of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

7 months ago
ISC StormCast

Google PlayStore Security; Xen and npcap Patches; TrendMicro Insider Issue; SANS Ouch Newsletter

Johannes Ullrich talks about Google Improving PlayStore Security With Partners, Xen Security Advisories, npcap pool corruption vulnerability, TrendMicro Employee Selling Customer Data to Tech Support Scammers.

7 months ago
Wall Street Journal Tech News Briefing

Google Buys Fitbit. What Does It Mean for Users’ Data?

Google has bought wearables device maker Fitbit for 2.1 billion dollars. The search giant wants to become a major player in health data. But the Wall Street Journal’s Sarah E. Needleman says the deal raises questions about how users’ health and wellness data will be used.

Cybersecurity Events

June 1-4POSTPONED - Gartner Security & Risk Management SummitNational Harbor, MDUSA
June 2-4POSTPONED - National Cyber SummitHuntsville, ALUSA
June 4-13Pen Test HackFest & Cyber Ranges Summit & TrainingVirtualVirtual
June 6POSTPONED BSides San AntonioVirtualVirtual
July 7-12CANCELED SteelconBirminghamUK
June 11-12POSTPONED - Area 41ZurichSwitzerland
June 12-14CircleCityConVirtualVirtual
June 13DisinfosecVirtualVirtual
June 20-21POSTPONED Blue Team ConChicago, ILUSA
July 25-Aug. 2HOPE: Hackers on Planet EarthVirtualVirtual
Aug. 4-5CANCELED BSides Las VegasLas Vegas, NVUSA
Aug. 1-6Virtual Black Hat USAVirtualVirtual
Aug. 6-9 DefconVirtualVirtual
Sept. 22-25WWHF DEADWOOD 2020Deadwood, SDUSA
Oct. 24-25GrrrconGrand Rapids, MIUSA


Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!”


Please Support Us!

We need the help and support of our individual readers as we develop new forms of corporate support, including sponsorships and an information security job hub. Please support Metacurity’s  by one of the two following methods. If you have any questions at all, please don’t hesitate to contact us at info@metacurity.com

Patreon

We’ve launched a Patreon campaign to help you support the Metacurity community. Check it out and earn lots of goodwill from your infosec peers and even get a great Metacurity sticker, among other patron rewards!

One-Time or Recurring Payments

If you like to support our effort to truly become the end of cybersecurity information overload, chip in and for less than a proverbial cup of coffee you will be doing your part to help Metacurity survive. Please select one of the options below to ensure that Metacurity sticks around as an important information security resource.